SO_WSK_SECURITY

The SO_WSK_SECURITY socket option allows a WSK application to either apply a security descriptor to a socket or retrieve a cached copy of a socket's security descriptor from a socket. The security descriptor controls the sharing of the local transport address to which the socket is bound.

This socket option applies only to listening sockets, datagram sockets, and connection-oriented sockets.

If a WSK application uses this socket option to apply a security descriptor to a socket, it must do so before the socket is bound to a local transport address.

To apply a security descriptor to a socket, a WSK application calls the WskControlSocket function with the following parameters.

Parameter Value

RequestType

WskSetOption

ControlCode

SO_WSK_SECURITY

Level

SOL_SOCKET

InputSize

sizeof(PSECURITY_DESCRIPTOR)

InputBuffer

A pointer to a PSECURITY_DESCRIPTOR-typed variable. This variable must contain a pointer to a cached copy of a security descriptor that was obtained by calling the WskControlClient function with the WSK_CACHE_SD control code.

OutputSize

0

OutputBuffer

NULL

OutputSizeReturned

NULL

A WSK application must specify a pointer to an IRP when calling the WskControlSocket function to apply a security descriptor to a socket.

If a WSK application uses this socket option to apply a security descriptor to a socket, the new security descriptor replaces any security descriptor that was previously applied to the socket.

A WSK application must not release the cached copy of the security descriptor until after the IRP is completed.

A WSK application can also apply a security descriptor to a socket when the socket is initially created by specifying a pointer to a cached copy of a security descriptor in the SecurityDescriptor parameter when it calls the WskSocket or WskSocketConnect function.

If a WSK application does not apply a security descriptor to a socket, the WSK subsystem uses a default security descriptor that does not allow sharing of the local transport address.

To retrieve a cached copy of a socket's security descriptor from a socket, a WSK application calls the WskControlSocket function with the following parameters.

Parameter Value

RequestType

WskGetOption

ControlCode

SO_WSK_SECURITY

Level

SOL_SOCKET

InputSize

0

InputBuffer

NULL

OutputSize

sizeof(PSECURITY_DESCRIPTOR)

OutputBuffer

A pointer to a PSECURITY_DESCRIPTOR-typed variable. This variable receives a pointer to a cached copy of the socket's security descriptor.

OutputSizeReturned

NULL

A WSK application must specify a pointer to an IRP when calling the WskControlSocket function to retrieve a cached copy of a socket's security descriptor from a socket.

A WSK application must call the WskControlClient function with the WSK_RELEASE_SD control code to release the cached copy of the security descriptor when it is no longer needed.

See the reference page for the SECURITY_DESCRIPTOR structure for more information.

Requirements

Version

Available in Windows Vista and later versions of the Windows operating systems.

Header

Wsk.h (include Wsk.h)